Security

How Jamdesk protects your documentation and account data.

Infrastructure Security

Data Centers

Jamdesk runs on major cloud providers with SOC 2 compliance:

• Build service: Google Cloud Platform
• CDN: Cloudflare (300+ edge locations)
• Database: Google Cloud Firestore

Encryption

Access Controls

GitHub Integration

Jamdesk's GitHub App requests minimal permissions:

• Read-only access to repository contents
• Webhook access for build triggers
• No write access to your code

We never modify your repository.

Team Access

• Role-based access control (Owner, Admin, Member)
• Audit logs for sensitive actions
• Automatic session expiration

Data Handling

What We Store

• Your docs.json configuration
• Compiled documentation (HTML, CSS, JS)
• Build logs (retained for 30 days)
• Analytics data (anonymized)

What We Don't Store

• Your source code (fetched on-demand, not retained)
• User passwords (hashed with bcrypt)
• Payment card numbers (handled by Stripe)

Build Isolation

Each documentation build runs in an isolated container:

• No access to other customers' data
• Fresh environment for every build
• Containers destroyed after completion

Compliance

GDPR

Jamdesk complies with GDPR requirements:

• Data processing agreements available
• Right to deletion honored
• Data portability supported

Privacy

Our analytics:

• Don't use cookies
• Don't track individuals
• Respect Do Not Track headers

See our Privacy Policy for details.

Incident Response

In case of a security incident:

1. We investigate and contain the issue
2. Affected customers are notified within 72 hours
3. Post-incident report provided

Reporting Vulnerabilities

Found a security issue? Report it responsibly:

• Email: security@jamdesk.com
• Include: Description, steps to reproduce, impact assessment
• We'll acknowledge within 48 hours

We don't currently have a bug bounty program.

Questions?

Related Articles